PHP patch release-CVE-2019-11043
NAME
PHP – PHP
- Platforms Affected: PHP
- Risk Level: high
- CVE Type: RCE
DESCRIPTION
CVE-2019-11043 is a remote code execution (RCE) vulnerability impacting multiple versions of PHP. A Metasploit module was observed in open source and subsequently shared in the underground.
CVSS Information:
- CVSS 2.0 SCORE: 7.5
- CVSS 3.0 SCORE: 9.8
- Exploit Disclosed in the Public: true
- Exploit Weaponised: true
- PoC Link: hXXps://packetstormsecurity[.]com/files/156642/PHP-FPM-7[.]x-Remote-Code-Execution[.]html
MITIGATION
Patching information was released for impacted products and corresponding versions. The vendor addressed the vulnerability in a patch release.
- Reference Link: https://bugs.php.net/patch-display.php?bug_id=78599&patch=0001-Fix-bug-78599-env_path_info-underflow-can-lead-to-RC.patch&revision=latest
- Patch Available: available